Description
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
Published: 2026-03-02
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A command injection flaw in ModelScope's ms‑agent allows an attacker to embed arbitrary operating system commands into prompt‑derived input, enabling the execution of malicious code on the host. The weakness is classified as CWE‑77, exposing the system to serious confidentiality, integrity, and availability risks.

Affected Systems

ModelScope ms‑agent, specifically all releases up to and including v1.6.0rc1.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, while the EPSS score of 2% reflects a low but measurable likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a remote attacker sending crafted prompt content to the agent’s exposed network interface; this inference is based on the way the ms‑agent processes prompt input.

Generated by OpenCVE AI on April 17, 2026 at 13:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the ms‑agent to a version that includes the command injection fix.
  • If an upgrade cannot be performed immediately, disable or tightly restrict the prompt‑execution feature in the agent’s configuration and implement strict validation to reject shell‑command patterns.
  • Apply network segmentation or firewall rules to limit inbound connections to the agent’s interface, reducing the surface for remote exploitation.
  • Enable comprehensive logging and monitoring of ms‑agent input streams to detect and respond to attempted injection attacks.

Generated by OpenCVE AI on April 17, 2026 at 13:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-4gc2-344q-r2rw MS-Agent vulnerable to Command Injection
History

Thu, 05 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 04 Mar 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Modelscope
Modelscope ms-agent
Vendors & Products Modelscope
Modelscope ms-agent

Tue, 03 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-77
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 22:30:00 +0000

Type Values Removed Values Added
References

Mon, 02 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Description A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
Title Command injection vulnerability in ModelScope's ms-agent
References

Subscriptions

Modelscope Ms-agent
cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-03-03T20:07:24.775Z

Reserved: 2026-02-09T15:23:17.916Z

Link: CVE-2026-2256

cve-icon Vulnrichment

Updated: 2026-03-02T21:10:07.108Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-02T21:16:27.797

Modified: 2026-03-03T21:52:29.877

Link: CVE-2026-2256

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-02T20:09:11Z

Links: CVE-2026-2256 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T13:30:19Z

Weaknesses